Authentication with SER

Question

In debugging yet another SIP hardware device I found that it was not authenticating after an INVITE. That is, the device sends me 'INVITE', I say 'SIP return codes', it says 'ACK', but I never hear from it again.

I am expecting another INVITE with the proper credentials...

In talking with the hardware vendor they let me know that I should be sending back a 407 instead of a 401. I have always done a www_challenge sequence, but, I wonder if that is truly proper. After all, SER is a proxy. Should I be challenging with a 'proxy_challenge'?

Answer:

The standard wants to use proxy_challenge (407) for proxies, www_challenge (401) for UAS such as registrar. The practical value of having two does not seem to be big to me, but if it makes your device happy, there should be no issue.

So use www_challenge and www_authorize for REGISTERs and proxy_challenge|proxy_authorize for non-REGISTERs.

Authentication with SER

Question

In debugging yet another SIP hardware device I found that it was not authenticating after an INVITE. That is, the device sends me 'INVITE', I say 'SIP return codes', it says 'ACK', but I never hear from it again.

I am expecting another INVITE with the proper credentials...

In talking with the hardware vendor they let me know that I should be sending back a 407 instead of a 401. I have always done a www_challenge sequence, but, I wonder if that is truly proper. After all, SER is a proxy. Should I be challenging with a 'proxy_challenge'?

Answer:

The standard wants to use proxy_challenge (407) for proxies, www_challenge (401) for UAS such as registrar. The practical value of having two does not seem to be big to me, but if it makes your device happy, there should be no issue.

So use www_challenge and www_authorize for REGISTERs and proxy_challenge|proxy_authorize for non-REGISTERs.